Field | Value |
---|---|
Created | 2023.08.07 09:30 |
Machine | s1_win7_x6401 |
Filename | pcr.exe |
Type | PE32 executable (GUI) Intel 80386, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : malware |
VT API (file) | 53 detected (Common, Farfli, malicious, high confidence, GenericKD, GenericRXWG, Vl7i, confidence, 100%, ABRisk, MTPT, Attribute, HighConfidence, score, jxwlul, BackdoorX, Gencirc, ofjdi, Siggen11, R023C0XH323, AdwareLinkury, ai score=84, Casdet, Detected, ZexaF, ouW@aGv4hRni, unsafe, Chgt, feLBk2rA69L, susgen) |
md5 | bca6e394222e591240d968c68e6ebfc0 |
sha256 | 4cf3e61708a23a554c170095166cb5f057696ab311ee364ed1ea9677287be0c9 |
ssdeep | 3072:yb9DP66sfcup57HC4TYwG8gaAC4o0dTOYwFF08MGcfkuJaUo9xAg0Fujok40xge7:ybNPRVUBlG8gYZ0BOrojGQGAOj4KDiu |
imphash | b001a6ca19e5bf2daccfb9e23b68d132 |
impfuzzy | 24:9u9QHiCc+9JBlKDBkWtMS1TMU9LoEOovbOIxZMv5GMAkTA:nc+J1WtMS1TMUJc3UZGE |
Network IP location
Signature (4cnts)
Level | Description |
---|---|
danger | File has been identified by 53 AntiVirus engines on VirusTotal as malicious |
notice | Performs some HTTP requests |
notice | Resolves a suspicious Top Level Domain (TLD) |
info | Checks if process is being debugged by a debugger |
Rules (5cnts)
Level | Name | Description | Collection |
---|---|---|---|
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Suricata ids
ET INFO HTTP Request to a *.top domain
ET DNS Query to a *.top domain - Likely Hostile
ET DNS Query to a *.top domain - Likely Hostile
PE API
IAT (Import Address Table) Library
KERNEL32.dll
0x427000 HeapCreate
0x427004 HeapAlloc
0x427008 CreateFileW
0x42700c HeapSize
0x427010 GetProcessHeap
0x427014 SetStdHandle
0x427018 SetEnvironmentVariableW
0x42701c FreeEnvironmentStringsW
0x427020 GetEnvironmentStringsW
0x427024 GetOEMCP
0x427028 GetACP
0x42702c GetLastError
0x427030 WideCharToMultiByte
0x427034 EnterCriticalSection
0x427038 LeaveCriticalSection
0x42703c DeleteCriticalSection
0x427040 SetLastError
0x427044 InitializeCriticalSectionAndSpinCount
0x427048 SwitchToThread
0x42704c TlsAlloc
0x427050 TlsGetValue
0x427054 TlsSetValue
0x427058 TlsFree
0x42705c GetSystemTimeAsFileTime
0x427060 GetModuleHandleW
0x427064 GetProcAddress
0x427068 EncodePointer
0x42706c DecodePointer
0x427070 MultiByteToWideChar
0x427074 CompareStringW
0x427078 LCMapStringW
0x42707c GetLocaleInfoW
0x427080 GetStringTypeW
0x427084 GetCPInfo
0x427088 UnhandledExceptionFilter
0x42708c SetUnhandledExceptionFilter
0x427090 GetCurrentProcess
0x427094 TerminateProcess
0x427098 IsProcessorFeaturePresent
0x42709c QueryPerformanceCounter
0x4270a0 GetCurrentProcessId
0x4270a4 GetCurrentThreadId
0x4270a8 InitializeSListHead
0x4270ac IsDebuggerPresent
0x4270b0 GetStartupInfoW
0x4270b4 RtlUnwind
0x4270b8 RaiseException
0x4270bc FreeLibrary
0x4270c0 LoadLibraryExW
0x4270c4 GetStdHandle
0x4270c8 WriteFile
0x4270cc GetModuleFileNameW
0x4270d0 ExitProcess
0x4270d4 GetModuleHandleExW
0x4270d8 GetCommandLineA
0x4270dc GetCommandLineW
0x4270e0 HeapFree
0x4270e4 IsValidLocale
0x4270e8 GetUserDefaultLCID
0x4270ec EnumSystemLocalesW
0x4270f0 GetFileType
0x4270f4 CloseHandle
0x4270f8 FlushFileBuffers
0x4270fc GetConsoleOutputCP
0x427100 GetConsoleMode
0x427104 ReadFile
0x427108 GetFileSizeEx
0x42710c SetFilePointerEx
0x427110 ReadConsoleW
0x427114 HeapReAlloc
0x427118 FindClose
0x42711c FindFirstFileExW
0x427120 FindNextFileW
0x427124 IsValidCodePage
0x427128 WriteConsoleW
WININET.dll
0x427130 InternetOpenUrlW
0x427134 InternetReadFile
0x427138 InternetCloseHandle
0x42713c InternetOpenW
WS2_32.dll
0x427144 WSACleanup
EAT (Export Address Table): none